max.payne.3.update.v1.0.0.114-reloaded.fo.rar.exe

so these collection

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application max.payne.3.update.v1.0.0.114-reloaded.fo.rar.exe by Stanislav Kabin has been detected as adware by 28 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
XML deleting a  (signed by Stanislav Kabin)

Product:
so these collection

Version:
4.4.0.0

MD5:
85c1544e58f20a8f5d450dc4e389eadc

SHA-1:
b5bbb96450ee0a9361e80e80e9059904769bcb93

SHA-256:
bf835f1fb3db5688c29e9b2a50d129dbf53aae0cd722543d4e391686087f97e2

Scanner detections:
28 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 11:59:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 812 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Agent | 2014.11.16 |
| Avira AntiVirus | Adware/MultiPlug.aoa | 7.11.186.62 |
| avast! | Win32:PUP-gen [PUP] | 141025-0 |
| AVG | Adware Generic_r.QP | 2014.0.4189 |
| Bitdefender | Gen:Variant.Adware.Dropper.103 | 1.0.20.1595 |
| Clam AntiVirus | Win.Adware.Agent-7846 | 0.98/21411 |
| Dr.Web | Trojan.Crossrider.26283 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 14.11.15 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AQ application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.445 | 11/15/2014 |
| F-Prot | W32/A-0ddd4ae2 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Dropper.103 | 11.2014-15-11_7 |
| G Data | Gen:Variant.Adware.Dropper.103 | 14.11.24 |
| IKARUS anti.virus | AdWare.Graftor | t3scan.1.8.3.0 |
| K7 AntiVirus | Adware | 13.185.14021 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.11.15.10 |
| McAfee | PUP-FMH | 5600.6946 |
| MicroWorld eScan | Gen:Variant.Adware.Dropper.103 | 15.0.0.957 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dcotbl | 0.28.6.63362 |
| Panda Antivirus | Trj/Genetic.gen | 14.11.15.10 |
| Reason Heuristics | PUP.StanislavKabin.e | 14.11.15.10 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 34232 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.39227 | 2.0.0.1983 |

File size:
788.9 KB (807,824 bytes)

Product version:
4.4.0.0

Copyright:
Copyright (c) 2014

Original file name:
recovering

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\max.payne.3.update.v1.0.0.114-reloaded.fo.rar.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 2:28:15 PM

Valid to:
6/23/2015 2:28:15 PM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
7/21/2014 6:07:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MXb51zrK3cJEnoG+M6ilc8zNAwfj8LzvVc2VGN33PzMhYKvoVEcbT:MX7zrK3D/Z/fYvxVm/kYtVJf

Entry address:
0x178DE

Entry point:
E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, DE, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
136.5 KB (139,776 bytes)

The file max.payne.3.update.v1.0.0.114-reloaded.fo.rar.exe has been seen being distributed by the following URL.